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ABSTEACT 


functional Programming systems introduced By 
Backus have, as their chief advantage, attractive algebraic 
properties. This thesis proposes to make use of these 
properties for the purpose of specifying the semantics of 
fP systems. The central idea of the thesis is that a set 
of equations to be satisfied by the operators (combining 
forms) of PP system provides the transformational semantics. 
Also it is proposed that this set of equations can be thought 
of as formal system for deducing program equivalence. One 
such set of equations is proposed and studied. The program 
equivalence proofs derived in this system are presented here 
and these show that the system is easy to use and yet 
powerful. 
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CHAPTER 1 


niTRODUGTIOH 


The Functional Style of progranning [Ba 78] has 
been introduced, hy Backus as an alternative to the conventio- 
nal style of programning.Functional Progracuning, hereafter 
referred simply as FP, systems essentially consist of a set 
primitive functions and combining forms. Conbining forms 
are used to build new programs from existing programs. It 
IS these combining forms which are mainly responsible for 
the ease of programming in an FP system. The main points 
of differences between conventional and Functional style 
are: 

i) Use of variables: 

Conventional programming languages have variables 
and the notion of assigning values to variables. This 
necessiates usually complex state transition functions to 
provide the semantics of such languages. FP, on the other 
hand, is variable free, and therefore its semantics can be 
given in a simpler way. 

ii) Use of combining forms; 

The rich variety of combining foims that can be 
used to construct new functions from old ones in FP is almost 
totally absent in conventional programming. This precludes 
any possibility of developing an algebra for conventional 
programming languages. 
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Por a more detailed and lucid development of PP we refer 
to [Ba 78], 


The combining foms of an PP system are so chosen 
that they enjoy useful relationships among themselves and 
these can be expressed as algebraic identities or equations. 
Thus in PP it is possible to develop an algebra for reasoning 
about programs by manipulating or transforming programs 
themselves with the help of these equations. 

We propose to utilise these algebraic properties 
for specifying the semantics of PP. Our notion of semantics 
IS that the class of equivalent programs (programs computing 
the same function) define the function itself. In this view, 
providing semantics reduces to finding the equivalence class 
of a program. As we have mentioned above, PP programs can be 
transformed into one another through the use of the algebraic 
identities satisfied by the operators. Thus if we can find 
a set of equations which is strong enough to specify all 
possible transformations among programs, then the equivalence 
relation generated by this set of equations will constitute a 
proper semantics. Moreover, the same set of equations can 
serve as as a formal system for program equivalence. 

We have attempted to provide in this thesis such a 
set of equations. We have not been able to characterize the 
power of this set of equations, that is we do not know 
whether from this set of equation we can obtain an equivalence 
proof of any two programs that will be regarded intuitively 
equivalent. However we have been able to derive a number of 
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eq.uivalence proofs within this system and this fact may be 
reckoned towards the practical usefulness of the system. We 
have not formally proved the soundness of the system (that 
is a demonstration that no two non- equivalent programs will 
have a proof of equivalence in the system) as the intuitively 
self-evident nature of the equations render soundness 
obvious. 


In the next chapter we provide informal introduc- 
tion to an PP system to be used in this thesis. Chapter 3 
contains the development and discussion of our eq national 
system. Chapter 4 presents some of the interesting proofs 
obtained using this system. Chapter 5 presents conclusions 
of the present work and suggestions for future work. 



4 


CHAPTER 2 
PP SYSTEMS 


In -fchxs chapter we provide an informal view 
of an PP system which will be used in this thesis. Primitive 
functions of the system are familiar ones, whereas the 
combining forms are simple enough to be understood intuitively 
from their informal descriptions, which we provide here. In 
the next chapter we shall see how we propose to formalize this 
intuitive understanding. 


1. PP System; 

An FP system consists of;- 

a) Set A of atoms , including 0, the null sequence 

b) Set 0 of obnects defined recursively by 

i) J_ is in 0 (the undefined object) 

ii) A belongs to 0 (all atoms are objects) 

iii) If xl,,.,,xn are in 0 then ..,,xi^ is in 0 

(all sequences are objects) 

iv) <xl, = JL if for some i, xi= _j_ 

c ) Set P of primitive fxmctions and set T of combining forms 
and a function Arity:T-^ N where H is set of natural 
numbers, Arity gives the number of arguments a 
particular combining form takes. 

d) Set P of function defined recursively by 

i) P is a subset of P (all primitive functions are 
functions) 
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ii) If belong to F and C belongs to T and 

Arity (C)=n then G(f 1, . , , ,fn) is in F. 

ill) The function defined by Def g=Bg is in F if B 
is a combining form constructed by applying 
combining forms chosen from 1 to functionschosen 
from F together with the function symbol g, 

e) Ihe concept of application of function f in F to an 
object 3 C in 0 denoted by f:x 

The sets P and T will be so chosen that all f in F are 
strict , i.e., f : I = I . 

A program in FP is an expression representing a 
function. All functions are of one tjrpe only, namely 
[0-^0], All functions take single arguments only. There 
are no variables in Fp and combining forms are the means 
of building new functions from existing ones, 

2. Primitive functions and combining forms: 

We now describe a particular FP system which will 
be used in the sequel. 

¥e assume that set of atoms A contains integers, 
booleans and strings over some alphabet. 

Below we give a list of primitive functions and 
their informal meanings. Some of these functions can be 
expressed in terms of other functions but in this chapter 
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we treat then all as primitive. In the next chapter we 
use only the essential prinitives as primitive functions. 


Hane 

Hd,Il 


id 


Description 

Head and fail functions (sane as GAR and 
CDR of Lisp) 

identity function , id:x=x for all x in 0 
and 


Appendl, 

Appendr 


Append function of LISP where only left or 
right list respectively, is expanded. 



Appendr; ^1, , 

\' 


Distl 

Distl: 

<z5,, 

= 

Distr 

Distr: 

^1,., ,,zr^ ,y> 


Trans 

Trans: 

<0,...,0>= 0 



Trans: 

<xl, , , .x^= <^1, 

.. .yr^ 


where 

and 


xi = <^xil, xim^ '1^ i^n 

yo = <xlo,...,xno^ i£ j <m 


Length 


Same as LISP length function 


+, Usual operators of Arithmetic and Logic 

And, or, not 

A tom, Bq., Null, Usual predicates 
L e , . * 
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This completes the list of primitive functions we will 
he using in this thesis. 

The following sat of combining forms are used. 

1. Oom-position; This is the usual composition of 

functions and is denoted by * as infix 
operator. 

(f • g): X = f:(g:x) 

2. 0 onstruc tiont denoted by [...] 

[fl, . .. ,fn]t X = <^fl;x, . . . ,fn; 

Similar to COfTD of LISP and is denoted 
by . 

(p— ^f;g): X = if (p;x)=true then f:x 

else 

if (p: x)=false then g:x 
else 

For every atom x in A there is a 
constant function denoted by x, 

x:y = if (y= JL) then J__ else x. 

5. Insert: This is similar to RBDUGB operator of 

API and is denoted by /, 

(/f): <J^xl, . . . xn^ = f: ‘<^xl,(/f); <(x2, . . .ai)> n 5 2 
(/f); -^xl) = xl 


3. Conditional : 


4. Constant: 
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6. Apply to All; denoted by a . 

(af): ^xl,...xn^ = :xl, . . . ,f :x 2 ^ 

(af); 0 = 0 

This completes our description of the FP system we will 
be using. In the next section a few examples to illustrate 
how to write or build programs in this PP systems are 
provided. For more example we refer to [wi 81], 

3. Sample Programs; 

As Our first example we provide the matrix multip- 
lication program. We define IP the inner product of two 
vectors. 


Def IP = (/+) * (a -*) ' Trans 

The program captures the essential idea that corresponding 
coordinates of the vector have to be multiplicated and 
summed up and no more than this. 

Next let us choose to represent a matrix by a 
sequence of rows each »row being a vector. Thus matrix M 
would look like 

M =^ml,...,m3:^ where mi = <[^mil, , , .mic^ 

where r is the number of rows and c the number of col\ams. 
Let M and N be two compatible matrices for multiplication. 
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We define the natrix nultiplicatxon program MM as follows: 

Def MM = (aaIP)*(aDISTL)*DISTE- [Hd,TRi“^'S-2] 

where 2 is a selector function to pick the second element 
of a se<luence. This program again brings out the strong 
point of PP, that of stating what is essential and nothing 
more. What this definition states is that with each row 
of Matrix M all the columns are associated and their inner 
product is taken. This program also brings out the power 
of combining forms to build programs. 

As Our second example we take slightly more 
complicated problem. We want to find the connected 
components of a graph. Let the graph be provided as the 
incidence matrix of o’s and I's. This matrix is symmetric 
and reflexive. Treating this matrix as a relation, taking 
transitive closure will give us the reduired components as 
equivalence classes. 

Thus we define the function TC for Transitive 
closure as follows 

Def TC = (/mm) • COPY • [Length, id] 

What IS being done make n (number of vertices in the graph) 
copie^ using the function COPY (which can be defined in a 
straight forward manner), of the incidence matrix and 
multiply them together, ¥e can define CC the connected 
component program as follows 

Def CG = Compact • a Rowclass • DISTR* [id, id] « TC 
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Take the transitive closure of the given graph. In this 
equivalence relation find the equivalence class f,or each 
vert ©T* Then pick those equivalence classes which are 
distinct. Function Rowclass finds the equivalence class 
of a particular vertex, Rowclass may be defined as: 

Def Rowclass = Makeclass • [a3qvector*DISTR, 1 ] 

Bq vector is just a function to tost equality of vectors 
and is straightforward. aBqvector*DISTR is boolean vector 
with T for row belonging to the sane class, Makeclass 
function just picks up these row elenents. The rest of th.e 
functions are easy to define. 

These two example should suffice to convince that 
an FP system is powerful and also programs can be built 
hierarchically, A few more examples can be found chapter 4- 
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GHAP[EER '5 

SMAHTIGS OF FP 


In this chapter we present our approach to the 
Semantics of PP. As a by-product we also get a proof 
system. ¥e start by explaining our view of semantics and 
explain how a system of Equations can be regarded as 
providing 'Semantics'. Such a system of equations can 
also be thought of as a formal system to carry out proofs 
to show that two programs are equivalent. We shall present 
hers such a system of equations in an attempt to completely 
specify the PP system semantics. We shall then discuss 
the merits of and the problems associated with our choice. 
We end the chapter by mentioning general properties of such 
systems of equations and by giving references to related 
works. 


1. Semantics: 


Semantics of a programming language should 
enable one to understand, state and prove properties of 
programs written in that language. One approach to semantics 
deals with specifying the input-output behaviour of a program, 
i.e., the function (or relation if the language has non- 
determinism) computed by the program, Denotational semantics 
assigns one function to each construct of the language and 
these are defined through a mutual sot of recursive definitions. 
The solution to this set is guaranteed by Scott's Theory, 

Tho central idea is to associate a function with a program 
which transforms the initial state to a final state. 
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¥e have outlined the above approach to 
contrast with the approach we take. Since programs compute 
functions, it is the set of computable functions ( or a 
subset of it) which we want to specify. It is our thesis 
that the class of all programs which compute the same 
function effectively defines this function. Ihis idea 
has been used in the algebraic specification of Abstract 
lata Types (AIT). To explain what we just said we elaborate 
on the ADT specification in more detail. 

ADT is not 3ust a collection or set of values but 
with a set of operators defined on these values. Hence the 
structure of AIT corresponds closely to algebra. The main 
problem is to provide meanings of these operators without 
any concrete representation. Consider any w ^l-formed 
expression by those operators. These expressions evaluate 
to certain values of the AIT. Two different expressions nay 
evaluate to the same value. Can we deduce this fact without 
actually evaluating them? The answer is yes. If we are 
given some identities that are satisfied by these operators 
then we may be able to transform one expression to the other. 
If the set of eq. nations is sufficiently powerful, or 
'Complete', then we should be able to derive that two 
expressions are elual without evaluating then. 

Thus we can view that a set of equations specify 
the ADT in the following sense. The values of the ADT are 
the equivalence classes of expressions where two expressions 
are equivalent if they are equal by the set of equations. 
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Thus a semantics of the operators is provided by 
a set of etiuations which e<iuate all the expressions represen— 
ting the same data type value. This is our notion of 
semantics of programs as well. If we are able provide a 
system of equations by which we can deduce the eq.uivalance 
of two programs then this set of equations constitute a 
semantics of the language. This nay be properly called 
transformational semantics, but algebraic semantics is more 
wided-y used. 

In the next section we show the similarity between 
ADT and jPP programs and examine how a set of equations to 
be chosen. 

2. FP as an APT; 

In the last chapter we explained how fixnctional 
programs are built from primitive functions and cojabining 
loms. Thus functional programs are the well-formed 
expressions formed by these operators. The ADT is the set 
of computable functions with the structure given by these 
Operators, Thus from the discussion of previous section it 
follows that if a set of equations is found we have a 
semantics of these operators. In the introduction we 
mentioned that these operators do satisfy certain identities. 
Actually they were chosen so that a rich set of identities 
exist. Thus we ca,n certainly hope that we can provide a set 
of equations. Such a set is presented in another section. 

But before proceeding further we briefly point out certain 
salient points of this approach as applicable to PP, 
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A specific set of equations induce a particular 
equivalence relation, i.e., two programs are equivalent 
iff they can be proved equal using this set of equations. 
Different sets of equations define different equivalence 
relations and this corresponds to various types program 
equivalences. For example the empty set of equations 
define a trivial program equivalence, i.e. PI = P2 iff 
they syntactically the same. The set of equations we have 
chosen is such that if two programs are equivalenced by 
this set then they compute same output for all input values. 
Both programs will be undefined or they will be defined and 
equal for any input. Sometimes we may wish to have weaker 
equivalences. This would involve 'loosening* some of the 
axioms so that they can be used to deduce more equivalences. 
Thus one has to 'time* a system to provide the type of 
equivalence one has in mind. 

Another point to be mentioned is the form of 
equations. In actual practice each equation is not appli- 
cable for the whole range of functions. Thus we have to 
restrict the range of application of an equation. ¥e have 
chosen to adopt the following. We prefix a predicate to 
an equation and the equation can be applied only when this 
predicate is true. Those equations not prefixed by any 
predicate are universally applicable. Also we have adopted 
a style for specifying these predicates which integrates 
with the FP style nicely. We explain this in the next 
eection. 


As in chapter 2 we assume that our PP system is 
strict, i.e. all fimctions evaluate to undefined if any one 
of their arguments is undefined. But this is not an essential 
feature of FP. Also in actual implemen-cations using some 
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lazy evaluation schemes one is more interested in 
non- strictness for efficiency considerations. But strictness 
guarattees that any method of evaluation proceeds to obtain 
the least fised point. Thus we have retained this condition 
though it does complicate some of the axioms by requiring 
them to be prefixed by predicates checking that all argments 
are defined. 

Another difficulty that has been faced is that PP 
functions are all of the same type, mapping objects to objects. 
But in practice any program written expects a particular type 
of input to be handled by the program. Ho elaborate checking 
to see that input has the required format and they are 
implicitly assmed to lead to undefined state. When performing 
program transformations ane has to keep track of all these 
input requirements by the prefixed predicates. This makes 
the derivations cluttered with unnecessary details and the 
proof a look messy. The maintenance of the input types and 
their compatibility has to be done manually with adhoc 
arrangements. This is because there is no type specification 
mechanism in PP. To alleviate this problem to some extent 
we have introduced some type checking prediates like 
Issequence and Isnunber. In the absence any general mechanisqj 
for specifying types we have chosen only these two widely 
used types. But a more comprehensive type specification 
method would be very helpful. 

In the next section we present a set of equations 
which will create an equivalence as defined above. 
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'3. Bquational S-pecif ication: 

We name our system of equations as S, This set of 
equations has been chosen such that it is small and 

has no obvious redundancies. Also these axiccis have certain 
intuitive significance as to -what they define. This is 
e3:5)lained in the next section. 

We have grouped these equations as axicns and 
inference rules following the conventional usage of these 
terms. The axioms also have prefixed conditions but these 
are of trivial nature to keep track of some input conditions. 
But the conditions of inference rules generally use previously 
deduced results to derive new identity. 

The notation we have adopted for specifying 
conditional eqixation need some explanation. The general 
syntax is:- 

p y g = d 

where p is a predicate, g and d are expressions. We have 
ambiguously used the truth values of FP (T and !■) tis denote 
Truth and False in our Meta -language as well, Also^ we have 
used FP notation to describe the predicates whereever possible 
As an example let us consider 

Issequence.y ^ Hd, Appendl. [x,y]=x, {A2) 

Issequen*y is a predicate in FP. If the identity 

Issequence*y =T can be established then this 
Axiom can be used without prefixing this predicate to the 
equation being derived. Otherwise, we will prefix this 
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predicate to indicate the conditions underwhich the 
derived equation holds. One advantage is that the whole 
deduction can be carried out in FP language itself, 

¥e are now ready to state the set of equations. 

All symbols are used as explained in chapter 2, where their 
meaning is intuitively explained. The set of Atoms is 
assumed to include integers and and Truth values. 

Primitive functions; 

l) Hd 2) T1 3) Appendl 4) Length 6) Bq 

7) Le 8) Atom 9) Null 10) Issequence 11) Number 

12) Arithmetic operators 15) Logical operators 

remark: The reason for not including other functions . 

introduced in chapter 2 as primitive is that they can 
can be defined in terms of the above. Length is 
included in this list to facilitate the statement 
of some axioms, though it can also be defined from 
the above. Also the concept of length is 
fundamental. 

In Our set of equations we do not present axioms 
for arithmetic operators, logical operators as 
these are well known and we would like to use 
our familiarity with these operators more freely. 

The same for predicate LB as it depends on the 
axioms for arithmetic. The predicates Issequence 
and Isnunber also are not defined because their 
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intuitive meaning is clear and also they are 
used in defining equations and not in FP programs. 

But they can he given in a more elaborate systems. 

C ombining forms: 

1) •(Composition) 2) [ ] (Gonst)3) — (Conditional) 

4) / (Insert) 5) a (Apply to all) 

6) ”” (Constant) 

Set; of Equations (S); 

AXIOM (A); 

Al. Id • f = f j f • id = f 

A 2, -Issequence • y - — ^ Hd • Appendl • [x,y] = x 

A3. (Issequence • y) and (*5 * x) - II- Appendl* [x,y]=y 

A4. Hd • [ ] = X ; T1 • [ ] = X 

A5. Appendl • [ fl , [ f2,...fn]] = [ fl, ...fn] n = 1,2,... 

A6, f • X. = _1_ J [ L.> * * = X. 

A7. Length • [ ] = 0 • 

(T*x) and Issequence * y ” 

Length* Appendl* [x,y3 = +• [ 1, length- y] 

A8. T*y ^ x* • y = X 
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intuitive meaning is clear and also they are 
used in defining equations and not in FP programs. 

But they can he given in a more elaborate systems. 

Combining foms; 

1) • (Composition) 2) [ ] (Const)^) — (Conditional) 

4) / (Insert) 5) a (Apply to all) 

6) ” (Constant) 

Set of Equations (S); 

AXIOM (A); 


Al. Id • f = f ; f • id = f 

A2. 'Issequence • y - — ^ Hd » Appendl • [x,y] = x 

A3. (issequence * y) and (1! • x) - Tl- Appendl* [x,y]=y 

A4. Hd • [ ] = X ? • [ ] = J. 

A5. Appendl • [ fl , [ f2,,..fn]] = [ fl, ...fn] n = 1,2>*»- 

f • X. = _1_ } [ » • .fn] = X. 

A7. length ♦ [ ] = 0 • 

(T*x) and Issequence * y - 

length' Appendl* [2t»y] = +* [ l,length'y3 

A8. f-y - — ^x**y = x 
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A9. Atom • [ ] = T • Atom • x = T 

("5 • x) and (Issequence • y) Atom • Appendl • [xjylzJ 

AlO. Bq • [id, id] = f *, Bq • [x,y] = Bq • [y,x] 

Sq • [x,y] = B for x and "y distinct. 

All. Null • []=!•, Null ' X = B for x different from [ ]. 

(T*x) and (issequence * y) - Null • Appendl * [xjylAP 

A12, Axioms of arithmetic and logical operators and axioms 
for predicates Le, Issequence, Isnunber. 

A13. fl • (f2 • f5) = (fl • f2) • f3 

A14. [fl, ,.,,fn] • h = [fl • h, ,..,fn • h] 

A15. [fl, ...,(pi -A fil;fi2),..fn] = 

(pi -A [fl, . . . ,f il, . . . ,in] j [f 1, . , . ,f i2, , . .fn] ) 

A16, (p — ^ fl;f2) * g = p ♦ g — ^ fl • g } f2 • g 

A17. g • (p fl*,f2) = p -> g • fl ; g • f2 

A18, (T — r- flj-f2) = fl 
(f fl- f2) = f2 

A19. af = Null — y [ ] ; Appendl • [f • hd,(af) • Tl] 

A20. /f = Bq • [length, l] — •> Hd ; f • [ Hd,(/f) • Tl ] 
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In-ference Rules (I); 

IRO. (Hd • fl = Hd • f2) and (T1 • fl = TX • f2) and 

(Issequence • fl) and (issequence • f2) - f 1 = f2 

IRl. (p > fl = f2) and (not*p fl = f2) > 

(*5 . p - fl = f 2) 

IR2. (p f = gl) and (not.p > f = g2) 

(f . p 1 f ^ ( p gl.g2)) 

IR3. (Def fl = B1 (fl))and ( Def f2 « B2(f2)) and 

(fl = B2(fl)) and ( f2 = Bl(f2)) - fl = f2 

IR4, (isnuHler • p) and (Bq • [size,p] fl = f2) and 

((It * {;sxze,n] - fl = f2) - 

(Eq • [size, n] - — - fl = f2 )) - — ^ 

( Ge • [size, p] — fl = f2) 

This completes our list of eq’iations. In the next 
two sections, we "briefly explain those equations and how to 
use then in practice. 

4. Discussion of S; 

Only a brief explanation of Axioms and Inference 
rules is attempted since most of then are self-evident. We 
note that some ^axioms are essentially schemas. Bor example 
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AlO, in an actual systen will "be expanded into a series of 
axions of the kind 

Bq. [a,t)] = 5', where a and h are two distinct atons 
of the systen. 


A 2 - A 5 define the data type of sequences. A6 
IS the strictness axiom. A8 defines the constant function 
with parameters from the set of atons. A9 - All define the 
predicates. AlA - A17 show the interaction among the operators 
construction, composition and conditional. A18 gives the 
meaning of conditional. AI9 - A20 define the combining forms 
a and / respectively. Interaction of these operators with 
others is not given as axions as they can be deduced from 
the defining equations. 

Inference rule IRQ is a basic property of sequence 
operators Hd and Tl. IRl and IR2 are two different versions 
of the well known case analysis. IR3 is the basic rule for 
dealing with recursive definitions and simply says that fl and 
f2 defined by recursively are equal iff the fixed points of 
their defining equations are sane. IR4 is a simple induction 
principle on the 'Size’ of the argument. The induction 
hypothesis is not proved but assumed and from this the truth 
of conclusion for size = n derived. 


We discuss below hOw thu above system is used in 
practice. An RP program consists of a series of definitions: 

Def <pi = Ei( 9I, ...,(pn ) 1 = 1, ...n. 
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where 9 I, ...cpn are function names and Sl,,..En are FP 
expressions with 9 I, ...qjn as variables. All the (p's will 
be distinct, let E be a set of equation 

cpi = Bi(cpl, . . .(pn), 1 = 1 , . ..n. 

¥e distinguish these quations as they are the defining 

equations. Consider P = R+S. All the derivations will take 
place in the system P, 

Note that in IR3 (Ref fl = Bl(fl)) means that 
fl =: Bl(fl) etc. This is essential since it is possible 
to derive g = Bl(g) where g is not the least fixed point of 
B 1 and hence not equal to fl. In proofs of equivalences 
presented in the next chapter we do not use the symbol 

as the context will make it apparent. 

The system presented here is simple and easy to 
understand and use. It does not require of the user any 
mathematical sophistication in predicate calculus or recur- 
sion theory. Once a rule has been stated precisely it can be 
used oi^st as easily as a high-school student uses 
arithmetic laws. Since all deductions are strictly in 
accordance with a set of equations, this system can be practi- 
cally implemented. It can atleast be used to check the proofs 
mechanically, lii is in this context of practical implementa- 
tion that we feel Tern Rewrite Systems have many advantages. 
They are closely related to equational theories and provide 
systematic ways of mechanising equational theories. See 
[O 67 , Hu 80, G-o 80] for more details. 

The next section presents some of the problems 
which are yet to be resolved for our system. 
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5. ProlDlema ; 

Consider Def f= ]. This program 

represents a non- terminating computation. It’s least 
fixed point is J[], , totally ^indeflned function. But 
can we deduce the equation f= _X f^^om our system of 
equations? There does not seem to he any way to do it. 

The above remarks raise two questions. Firstly 
should we have to accept least fixed point theory only’ 
least fixed points have a well known method of implemen- 
tation and also have certain theoretically interesting 
properties. There are a rnomber of recursive definitions 
in which the function that is intuitively obvious is not 
the least fixed point [Ma 78]. In the above case itself 
f can be the function’ everywhere zero'. Thus it is not 
clear what should be the model of computation so that 
our set of equations is compatible with it. 

The second question is more fundamental. It 
raises the question whether our system is complete. Of 
course, no axiomatic system similar to ours can be complete 
in the sense that all possible equivalences can be deduced. 
The existence of such a system would make halting problem 
of Turing machines decidable which is known to be 
undecidable. Cook takes a different approach to prove that 
Hoares axiom system is complete [Co 75], if the underlying 
deductive system is assumed to be non-effective. But we 
have not been able to proceed in that direction due to two 
reasons. Firstly it is not clear in our case, how to 
separate the deductive system. Secondly an interpretive 
model has to be built to show the completeness. Since we 
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assumed all functions to be strict construction of such 
a model will be complicated and completeness also will 
be difficult establish. 

Another problem is the exact equivalence 
induced. Can we show that it coincides with any other 
known notion of equivalence*^ Raoult and Vuillemin [Ra 80] 
prove that two notions of equivalence, one introduced by 
a term rewrite systems and the other through recursion 
theory are equivalent under certain conditions. To apply 
this result we have to embed our equational system in a 
term rewrite system and then chock for these conditions. 
Though there are some algorithms to check for these 
conditions, the presence of commutative axioms complicate 
the matter by requiring term rewrite system to operate on 
equivalence classes of terms rather than terns themselves. 
Also it IS impossible to do any hand computation. 

Thus the exact power of our system needs to be 
characterised in ' rigorous way. But in the next chapter 
we present some proofs of equivalences which should 
convince that the system does have considerable power. 
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CHAPTER 4 
EXAMPLES 


In this chapter we present some of the program 
eg. ui valence proofs worked out. As our first example we 
show the equivalence two recursively defined programs for 
finding the maximum element of a sequence. This example 
IS typical use of the IR3 relating to recursively defined 
functions. We also present an adhoc proof of the same. 

Our second example is proof of McCarthy’s 91 function. 

This example illustrates induction principle (IR4) in a 
general way. The third example is an exercise in program 
validation, A simple sorting program is defined and its 
salient properties are proved. These properties arc 
fundamental to sorting and hence can be said to ‘prove’ 
that the sort program proposed is correct. The fourth 
example is a general theorem adopted from [WI 81], A 
large number of such theorems will prove useful in carrying 
out proofs of equivalence. 

Our presentation, in general, is quite formal. 

W e name some of the identities derived so that they 
can be quoted. To shorten the proofs, we have to omit 
certain obvious steps. In general every equation is 
followed by a bracketed note giving the axioms used or 
other results used. Sometime wo quote a result not deduced 
earlier, in which case it is assumed that the 
result is quite simple to prove, 

Bach proof consists of a series of results 
proved. Bach result is in general a conditional equation 
and in the body of the proof of the result we do not repeat 
these conditions but assume that they hold. Also in most 
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cases we do not explicitly state the conditions relating 
to input data type. This is to make the proofs 

more readable. Also these conditions are very apparent 
from the context. 

lastly we point out that ye 'lise 1,2 etc., as 
selector functions. These can be easily defined as Hd, 

Hd‘ T1 etc. and some of their trivial properties can be 
established formally. The nimerical constants one, two 
etc., are denoted as 1,2 etc. There should be no confusion 
in this notation. 


1. Examnle 1; 

We define the following functions; 

Hull [length,!]-^ 1; Max2* [l,Max,Tl] 

Hull [length, T]-^ Ij Bmax* Reduce 

Hull — ^ ]2;Eq- [length,"!]-^ idj Appendl* 

[Max2* [l, 2], Reduce* Tl« Tl] 

ae*[l,2]-^ 1;2 

Max finds the maximum by a sequential search and 
Bmax finds maximum by comparing neighbouring elements. 

Max2 finds maximum of two numbers. Our goal is to prove 
Bmax = Max. Since both of the functions are recursively 
defined we would use IR3. The proof is given as a sequence 
of results. For many results we would not explicitly state 
the input type restriction of it being a sequence of 
integers. 


Def Max = 
Def Bmax = 
Def Reduces 

Def Max2 = 
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Rl, (Isnumber* x) and (isnunber-y) — Max* [x,y]=jWax2' [x,y] 

R2. (Isnunber«x) and (Isnumber- y) - Bmax* [x,y]=Max2* [x,y] 

(Rl and R2 trivially follow fron Def Max, Def Bmax and 
Def Max2). 

R3» Not* null* y - Max*Appendl* [x,y] = Max2* [x,Max*y] 

Proof; Max'Appondl* [x, y] 

= Max2* [l,Max* Tl]*Appendl* [x,y3 

(J3ef Max*,A14,All; not* null* y - Eq* [length* Appendl* [x,y],T]=: 

1 by A7*,A18) 

= Max2* [x,Max*y3 (A2,A3) 

R4. Bmax = Bmax* Reduce 

Proof; The proof uses IRl with p = G-e* [liength,"?] 

p - Bmax* = Bmax* Reduce (Def Bmax) 

not*p - Bmax* Reduce 

s= Null Bmax* 1? ; Bq * [Length, T]—) Bmax* id> ... 

(Def Reduce;Al7) 

= Null -y _j_;Bq* [Length, ij 1 

(Not*p f or* [Null, Bq» [Length, l]]=T*,A18,Al*, 

Def Bmax ) 


s= Bmax (sane as above) 
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E.5. Ge* [Length,"^] - Bnax*Tl*Tl = Bnax* Tl* Reduce 
Proof: Bnax* Tl» Reduce 

= Bnax* Tl* Append 1* [Max2* [l, 2], Reduce* Tl* Tl] 

(Def Reduce; Go* [Length.,’2];Al8) 

= Bnax* Reduce* PI* T1 (A3) 

= Bnax*Tl*Tl (R4) 

R6, Ge* [Length.,"^] - Max2* [l,Max* Tl] = Max 
Proof: follows directly fron Def Max, 

R7. Max*Reduco=Max 

Proof: We first use IR4 (induction) with size=Length 

and p = "2 . 

(Base): Eq* [length, 2]- Max*Reduce 

=Max* Appendl* [Max2* [l, 2] ,Reduce *T1* Tl] 

(Def Reduce;Eq* [length, 2]; A18) 

=Max* Appendl* [Max2* [l,2],'P] 

(Bq* [length, 2] ^ Tl* Tl^^; Reduce*"^ = ^) 

Jlax* [Hax2* [1,2]] (A5) 

=Wax2* [1,2] 

(length* [Max2* [l,2]] = 1 ; Def Max) 

=Max (Rl) 
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(Induction hypothesis): I/t* [Length, Tl] ^ Max«ReducG=Max 

(Induction Step): (Bq« [Length, n]) and (Gt* [n, 2])- 

Max* Reduce 

= Max'Appendl* [Max2* [l, 2], Reduce* Tl* Tl] 

(Def Reduce; Gt* [n,2];Al8) 

= Max2* [Max2* [ 1,2 ], Max* Reduce* Tl* Tl] 

( 6t* [n,*?]- not* null* Reduce* Tl* T1=:T|R3) 

= Max2* [Max2* [l, 2], Max* Tl* Tl] 

(It* [Length* Tl* Tl,n]*, induction hypothesis) 
= Max2* [l,Max2* [l,Max* Tl]* Tl] 

(associativity of Max2; 1* Tl = 2; Al6) 

= Max (R6,R6) 

Let p = Ge* [Length,"2] 

p _ Max*Reducedr= Max(Base, induction step,IR4) 

Mot*p - Max* Reduce = Max 

(DefMaxjnot* p - or* [nulljSq* [Length, l]]= T*, ) 


Max*Reduce = Max (IRl) 
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R8. Ge* [Length, I] - Max2‘ [l,Bmax* Tl]=Bmax 
Proof? We use IR4 with p = *2 and Size = Length. 

(Base): Bci* [Length, 2l- Max2* [l,Bmax* Tl] 

J^ax2- [1,1- Tl] 

(Def Bmax;Bq.* [Length* Tl,l]=f) 

=Bmax (l*Tl=2jE2) 

(Induction h 3 rpothGsis ) : Lt* [Length ,nl- 

Max2* [l,Bmax* Tl]=:Bmax 

(Induction step): (Bq* [Lengthen] ) and (G-t*[n,2]) - 

% 

Max2* [l,Bmax* Tl] 

:= Max2* [l,Max2* [l,Bniax* Tl]*Tl] 

(Lt* [Length ,n]* T1=T; induction hypothesis) 

= Max2* [Max2* [l, 2] ,Biiiax* Tl* Tl] 

(associativity of Max2} 1* 11=2) 

=r Max2* [l,Bmax* Tl]-Reduce 

(RSjGt* [n,2]- l*Reduce=Max2* [l,2]) , 

= Bmax 

(Lt* [Length,n]'Reduce=f, induction hypothesis5R4) 

Ge* [Length,'?] ) Max2* [l, Bmax* Tl]=Bmax(Base; induction step;IR4) 
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R 9 . Max=l!lull I ^Bq* [Length, ll-^ IjMax* Reduce 
Proofs Pollows from R7. 

RIO. Bmaz=Hull-^ i;Sq* [iongth,l]-^l 5 Maz 2 - [l,Bmax*Tl] 

Proof: Pollows from R 8 . 

Rll, BmaxsMax 

Proof; By Def Bmax,DelMax,R9,R10 and IR 3 . 

Remark: Above we gave a straightforward application of 

IR 3 . In this case a more direct proof can be 
given for Bnax=Max by using IR4 as follows; 

(Base): Iq* [Length,T]- BnaxJiaz from Definitions, 

(Induction hypothesis): It* [length, n]- -^Bnax=Max 
(Induction Step): (Bq* [Length, n] ) and Gt* [n,l]- 

Bmax 

= Bnax* Reduce (R4) 

= Max* Reduce 

(Lt* [Length, n]'Reduce=T; induction hyp.) 
= Max (R7) 


Ge* [length,!^-— ^ Bnax=JIax (Base*, induction step*, IR4) 
Bq* [Length ,"5 ]- — ^ Bmax=J'lax(Def Bnax*,Def Max) 
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Such proofs can bo attempted when the functions 
are total over a datatsrpe, in this case sequence of nunbers. 

2. Bstamnle 2 

This example illustrates a case for which 
induction is used but the size function is not so straight 
forward as in the above proofs. 

Dcf F = G-t* [id,100]-^ -• [id, 10]}F-F* +[id, ll] 

Def & = Gt- [id,lOO]-^ --[Id, 10]*, 91 

F is the well-known McCarthy’ s 91 function. Our goal is to 
prove F = G, 

¥g will use induction principle IR4 with p = 1 and 
Size = least i such that ( n+11 i ) > lOO 




This function is easily definable in FP but we 
do not give a formal definition. Since we have not given 
axioms for larithmetic operators we assume the following 
properties of size. But once the axioms for arithmetic are 
specified these can be derived formally. 


El. 

Size* +• [id, ll] C 

Size 


RPs. 

Bq* [Size,^)] 



Gt* 

[id, 100 J = T 

R3- 

Gt* [Size,0] 

- 

Le* 

[id, 100] = T 

it4. 

Bq* [Size,!] 

^ 

And 

• [Be* [90,id],Le* [id,l00]] 

R5. 

F90 = F91 = 

• • • “ 

= FlOl = 91 (from Def F) 
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Proof; 

(Base); Bq* fsize,l]— F = 91 (E-4}B.5) 

= G (Dof Gj R3) 

(Induction hypothesis): It* [Size,n] ^ F = G 

(Induction Stop): (Sq* [Sizo,n] ) and (Gt* [n,l]) ^ 

F=F*F*+* [id,ll] (R3) 

=F* G* +• [id,ll] (Rl; ind. hyp.) 

=Ge* [id,90]--) F*+* [id,l]*,F*91 
(Dof Gj A16,A17) 

^iGe* [id,o90]-^ F-h- [ id,l]; 91 (R5) 

= 91 

(Ge* [id, 90] > F*+* [id,l]=91 hy H3 and R 55 (p-9^f >1 )=f hyA18,IRl) 

=G (lef G}Ie* [id,100]=f by R^; A18) 

Go* [Size,T]- F=G (Base, induction step;IR4) 

3q*[Size,'0] ^ F=G (R2*, A18) 

Ge* [Size,'S]- F=G (by the two above equations) 

Ge* [Size,^] = Isnunber (R2,R3) Q.B.D. 
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3 Example 3; 

In this section we take a different viewpoint. 
Our emphasis is on proving program correctness rather 
than program equivalence. But we reduce the problem to 
program equivalence. We say that if certain key properties 
of a program are identified and shown to hold then we can 
hope that the program is ‘correct’. In effect these 
properties should specify the program. Of course for 
many problems the only conditions or properties that can be 
stated are the input output conditions in which case one 
may not benefit much from this. 

We present here a sorting program, a very simple 
one? and show that it satisfies certain properties which 
characterise the prdjblcm of sorting. 

Def SORT = Bq* [length, 1 }-^ id; Appendl* [Max, Sort* Rest* 

[Max, id] ] 

Def Rest = Null* 2-^ '^•.Bq* [l,l* 2]-^ Tl* 2; 

Appendl* [l* 2, Rest* [l,Tl*2]] 

Def Pern = Bq* [length* 1, length* 2]-^ Pairoff; 

Def Pairoff = And* [Null* 1, Null* 2 ]-^T; Bind* [l*l,2]-^ 

Pairoff* [Tl* l,Rest* [l-l,2]]*,P 

Def Ordered = Bq* [length ,l]^f; Iq® [Max,l]-^ordered* Tl;f 

Def Bind = Null- 2-^ l;Bq* [l,l* 2]-^T;Bind* [1,11* 2] 

= Null-^ [length, 13-^ l;Max2* [l,Max*Tl] 


Def Max 
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All functions are easily understood except 
perhaps PBItM, PBEM takes two sequences and checks whether 
they are permutations of each other or not. Find '(x,y) 
tells whether x occurs in y or not. We have to prove the 
following properties. 

PEEM- [Sort,i^ =T (p) 

1 

ORDEEBD* Sort =f (0) 

Rl, (Rot* Null- y)and(Pind* [x,y] )- 

+• pi, length* Rest* [x,y] ]=Length* y 
Proof: We use IR4 with Size = length* y and p = 1 

SI, +• [l,length*Rest* [x,y]]=Bq* [x,l*y]-^ length*y*, 

+* pi, length* Rest* [x,Tl*y]] 

(Def Rest*,Al7*,A7}null* y=^ ) 

(Base): Bq* [length* y,T]- -^+* [l^longth-Rest* [x,y]] 

=length* y 

(SljFind* [x,y] ^ Or* [Bq* [x, 1* y],Find* [x,Tl*y]]=l*, 

Bq* [length* y,l]- Find* [x,Tl*y]=P) 

(Induction hypothesis): It* [length* y,n]- 

+* [I, length* Rest* [x,y]]=l<ength*y 
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f Induction Step): 

Now we use IRl with p = Bq* [x,l*y] 

p ^ +• p!., Length* Rest* [x,y]]=Length* y(Sl}A18) 

Not*p - +* [l, Length* Rest* [x,y]] 

= +* [l,+* [l, Length* Rest* [x,Tl*y]]] (S1,A1S) 

= +* [l, Length* Tl* y] 

( (Find* [x, y] ) and (not*p)- Find* [x, Tl* y]=f*, Ind. Hjrp^ 
= Length* y (A7*,A5) 

(Bq* [Length* y,n] ) and (G-t*[ntT]) - 

+• [l,Length*Restt [x,y]] =length*y (IRl) 

(Ge* [Length- y,l] )- +* [l,Length-Eest • [x,y ]]=Length*y 

(Base, Induction Step, IR4) 

But Ge* [Length* y,T] = not* null* y 

R2. (Not* null)- Length* Sort = Length 
First we state; 

S2. Length* sort 

= Bqv [Length,!]-^ L?ngth*,+* [l, Length* Sort*Rest^Max, id] ] 
(Bef Sort;Al7,-A7*, Al) 
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S3* Find* [Max, id] = "5 (can be proved using Def Find, 

Def Max and IR4) 

S4. +• p!.,Lengt]i*RGst * [Max, id] ]=L9ngth (B.1) 

S5* it* [Length. Rest* [Kax,id],Lpngth]='5 

(S4 and axioms of arithmetic) 

Proof: We use IR4, with si 2 e=Length and p = T 
(Base); Bq.* [Length,!]- Length* Sort=Length( 32; A18) - 

(Induction hypothesis); Lt* [Length, n]- Length* Sort=Length 
(Induetion step): (Bq* [Length, n])and (G-t*[n,T])- 

Length* Sort 

= +• [l, Length* Sort* Rest* [Max, id] ](S1; AI8) 

= +• [T, Length* Rest* [Max, id] ] 

(35; • Induction Hypothesis) 
s= Length* id (S5;Rl) 

= Length (Al) 

Ge* [Length,!] ^ Length-Sort = Length (Base; Ind. Step; IR4) 

Not*Iul! ^ Length* Sort = Length (Go* [Length, l]=Rot* Hu!!) 

R3. PERM* [Sort,id]=Pairoff- [Sort, id] (Def PBEM*,R2;A18) 
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R4. Rot* Null- -^Pairoff* [Sort, id] 

Proof; We use IR4 with Size=Length and p=l 
(Base): Bq* [Length, l]- Pairoff* [Sort, id] 

rJPind* [l, id]- Pairoff • [Tl* Sort, Rest* [l, id] ];T 
(Def Pairoff; Def Sort; Bq* [Length,!]) 

=Pairoff* [Tl*Sort,Tl] 

(Find* [1, id ]=■!!?; Rest- [l,id]=Tl) 

(Bq- [Length,!] > Hu!!- T!=Rul!- T!- Sort=T) 

(Ind. Hjrp,): Lt- [Length , 11 ]- Pairoff • [Sort, id ]=:f 

(Ind. Step): (Bq- [Length,n]) and (Gt* [n,l])- 
Pairoff- [Sort, id] 

=Pind* [Max, id ]-^ Pairoff - [Sort,id]-Rest- [Max,id];P 

(Def Pairoff; Gt- [n,l]- -^!* Sort=Max;Gt* [n, !]- 
T!- Sort=Sort*Rest- [Max,id], A!6) 

=Pairoff* [Sort, idJ-Rest- [Max, id] 

(Find* [Max, id]=f ;A!8) 

=1 

(S5 of R2; Induction Hypothesis) 
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Not»IIull Pairoff' [Sort, id ]=l?(Base5 Step',IR4) 

R5. PERM* [SortjidlsTf (By R3 and R4) 

R6, Max* Sort=l* Sort 

Proof: "We do not present the proof as it is again a 

simple application of IR4. 

R7. Not*Hull- Ordered* Sort=T 

Proof; We suso IR4 with Size* length and p = 1 

(Base): Bq* [Length, l]- -^(^rdered* Sort=:Eq* [Length* Sort,! ]-^T} . 

=f (Length* Sort=length,A18) 

(Ind.Hyp.): Lt* [Length, n]- Ordered* Sortrrf 
(Ind. Step) : (Bq* [Length, n] ) and (Gt* [n,l]) — 

Ordered* Sort 

=Bq* [ Max* Sort, 1* Sort ]-^ Ordered* Tl* Sort;5* 

(Def Ordered; Gt* [n,l];A18,itl6) 

=Ordered- Tl* Sort (!B-6,A10, 418) 
mOrdered* Sort* Rest* [Max, id] (Def Sortjii.3) 

=T (S5 of R2; Induction Hypothesis) 

Hot* Hull ^ Ordered* Sort = 1 (Baset Induction Step; IR4) 


Q.B.D 
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i..J. ? .£!SX>le 

We want to prove the following identity: 
for n > 1 and all programs f,a,b,and c: 

[a»l,f [b,c] = [a^’T^j/f* [a^“^»b, ...,b,c]] 


where 

„n+l n 

g = g*g 

and g° = id 

P roof : 

We prove 

by induction on n 

Basis: 

11 

H 



[a*l,f ]• [b,c]=[a*b,f* [b,c]] (iil4j l«[b,c3=b) 

= [a*b,/f* [b,c3 ] (by A20) 

(ind.Hyp,): Theorem . true for n=U 

Case n=N+l-,Iet B=[a^-b,/f* [a^"^- b, . . . ,b, c] ] 

[a*l,f [b,c]=[a*l,f ]• [a*l,f 3^- [b,c] (by Defn. of g^ ) 

= [a*l,f3*B (by induction hypothesis) 

= [a*l*B,f-B] (A14) 

= [a* a*^* b,f • [a^» b,/f« [a^”^* b, . , , ,b, c3 3 3 

(l*B=a^-b) 

= [a^'^^*b,/f* [a^*b, . ..,b,c3] (by A20 and Defn* g^"") 

Q.B.D, 

Remark: Some remarks are in order. Firstly the statement 


of the theorem is not an identity of FP in the true sense. 
This identity is in effect a schematic representation of an 
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CHAPTER 5 

GONQliUSIONS AND SUGGEST ICES EOR 
FURTHER WORK 


We attempted in this thesis to use the algetraic 
equations that relate various combining forms of FP in 
specifying the semantics of FP. Our approach was motivated 
by the approach taken in algebraic specification of data 
types. We have boon able to providn a sot of equations which 
IS practically interesting as many program equivalence proof § 
can bo carri“-d out in this system of equations. We have given 
a fair sample of such proofs. A straight forward induction 
principle appears in our system as a rule of inference. The 
reason for not including some of the other induction principle 
(e.g. structural, computational etc.) is that they would 
increase tho complexity of the system and it is not clear to 
us whether there will be any fundamental improvement in the 
power of this system. We could not give a characterisation 
of tho power of the system of equations that is given hero, 

■ Future research can be along the following linos. 

a) Examining how completeness in Cook’s sense [ Co 75] 
can be extended to systems similar to ours. This will also 
involve developing an interpretive model for FP . 

b) Examining whether notions similar to sufficient 
completeness etc. of ADTs [Gru 78] can bo defined and studied 

for our system. 
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c) To chock whether the equivalence generated by 
equational systo. .s coin.oLda with other notions of equivalence 
developed elsewhere. See [ Rao 80l» 

d) It would b. intor^'oting and useful to conctruct and 
cxnnin r. an PP syetr- in which strictness condition is 
renovod. P-rhaps onr can study in which all functions are 
strict except the constant function. This nay involve putting 
so!..e restrictions on the order of substitutions. 

^ a*.i tionc'd in chapter 5, lack of general type 

specif ic'ition i''iciliti > t creates the problcr of having to 
keep track of input typos pomitted. 1 systematic type 
snacif ication mochaniS''i would enable one to autonate this. 

But this rajchanism should fit in nicely with the rest of 
PP systen. 

T) Practical iQpl''ri''ntation of an equational system 

for f/rograL' transformations and deduction of program 
equivalence based on our experience can be attempted. In this 
connection tom rewrite system (TRS ) should prove useful as 
they are ideally suited to nodol formula manipulating systems. 
In this connection wo refer to [ Hu 80, G-o 80] and the 
reforcncos there of. 
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